CancelKeyDeletion
Cancels the deletion of a KMS key.
Description
The `CancelKeyDeletion` operation cancels the deletion of a KMS key. When this operation succeeds, the key state changes to `Disabled`. To enable the key, you must use the `EnableKey` operation.
This operation is part of the key deletion process. For more information about deleting keys, see Deleting Keys.
note
- The KMS key that you use for this operation must be in a compatible key state. For details, see Key states required for operations.
- After a key deletion is canceled, the key is still disabled. You must enable it before you can use it again.
Request Syntax
Headers
| Name | Description | Required | Type |
|---|---|---|---|
| Content-Type | Must be "application/x-amz-json-1.1" | Yes | string |
| X-Amz-Target | Must be "TrentService.CancelKeyDeletion" | Yes | string |
Request Body
| Name | Description | Required | Type |
|---|---|---|---|
| KeyId | The unique identifier of the KMS key whose deletion you want to cancel. This value can be the key ID or the key ARN of the KMS key. | Yes | string |
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.CancelKeyDeletion
{
"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
}
Values in italics indicate user input and should be replaced with actual values.
Response Elements
| Name | Description | Required | Type |
|---|---|---|---|
| KeyId | The Amazon Resource Name (ARN) of the KMS key whose deletion was canceled. | No | String |
Examples
Example 1: Cancel deletion of a KMS key
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.CancelKeyDeletion
{
"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
}
Values in italics indicate user input and should be replaced with actual values.
HTTP/1.1 200 OK
Content-Type: application/x-amz-json-1.1
{
"KeyId": "arn:aws:verenc:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
Values in italics indicate variable response values.
Special Errors
| Error Code | Description |
|---|---|
| DependencyTimeoutException | The system timed out while trying to fulfill the request. |
| InvalidArnException | The key ARN provided is not valid. |
| KMSInternalException | An internal error occurred. |
| KMSInvalidStateException | The request was rejected because the key state is not valid for this operation. |
| NotFoundException | The request was rejected because the specified key was not found. |
Permissions
To use the `CancelKeyDeletion` operation, you must have the following permissions:
- `kms:CancelKeyDeletion` on the KMS key (specified in the policy)
Try It Out
Test CancelKeyDeletion
Cancel the scheduled deletion of a KMS key.
Coming Soon
This feature is currently under development and will be available soon.